All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

APP Splunk Audit linux Help Configure

erlindemberg
Explorer
‎01-27-2020 10:24 AM

Guys, I would like one. yours.

He has little experience with Splunk and many doubts.
Here at my job, I need to configure the Linux Audit app.

The query that comes ready from the APP is showing three errors when performing the search.

You can help me fix this problem.

| tstats count WHERE [|inputlookup auditd_indices] [|inputlookup auditd_sourcetypes] BY _time span=1h | predict count as prediction future_timespan=0 algorithm=LLP | rename lower95(prediction) as lower, upper95(prediction) as upper | eval range=upper-lower | eval difference=case(count>lower AND countupper, round((count-upper)/range,1)) | search difference=* | table _time difference

Dispatch Command: Unknown error for indexer: brlxp*******. Search Results might be incomplete! If this occurs frequently, please check on the peer.

command="predict", No data

Unknown sid.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...